/// <summary>
/// Replaces a user's stored password hash after verifying the current password.
/// </summary>
/// <param name="id">Primary key of the user whose password is changed.</param>
/// <param name="oldPassword">Current password, checked against the stored hash.</param>
/// <param name="newPassword">Password whose hash replaces the stored one.</param>
/// <exception cref="NotFoundException">No user with the given id exists.</exception>
/// <exception cref="BadRequestException">The hash of <paramref name="oldPassword"/> does not equal the stored hash.</exception>
public void UpdatePassword(int id, string oldPassword, string newPassword)
{
    // NOTE(review): this method opens OnlineCasinoDb while the other methods visible
    // in this file open DiceGamingDb - confirm the context type is intended.
    using (var db = new OnlineCasinoDb())
    {
        var account = db.Users.FirstOrDefault(u => u.Id == id);
        if (account == null)
        {
            throw new NotFoundException();
        }

        // NOTE(review): the helper name suggests a single salted SHA-256 pass; if so,
        // a dedicated password KDF (PBKDF2, Argon2) would resist offline guessing better.
        var currentHash = CryptographicManager.GenerateSHA256Hash(oldPassword, account.Salt);

        // NOTE(review): object.Equals is not a constant-time comparison - confirm that
        // is acceptable for comparing password hashes here.
        bool oldPasswordMatches = object.Equals(account.Password, currentHash);
        if (!oldPasswordMatches)
        {
            throw new BadRequestException();
        }

        // The existing salt is reused for the new hash; no new salt is generated here.
        // NOTE(review): newPassword is not checked for null/empty or strength in this
        // method - verify that a caller enforces the password policy.
        account.Password = CryptographicManager.GenerateSHA256Hash(newPassword, account.Salt);

        db.Users.AddOrUpdate(account);
        db.SaveChanges();
    }
}
/// <summary>
/// Checks whether the supplied password hashes to the value stored for a user.
/// </summary>
/// <param name="id">Primary key of the user to check.</param>
/// <param name="password">Candidate password.</param>
/// <returns><c>true</c> when the salted hash of <paramref name="password"/> equals the stored hash; otherwise <c>false</c>.</returns>
/// <exception cref="BadRequestException">No user with the given id exists.</exception>
public bool IsPasswordCorrect(int id, string password)
{
    using (var db = new DiceGamingDb())
    {
        var account = db.Users.FirstOrDefault(u => u.Id == id);
        if (account == null)
        {
            throw new BadRequestException();
        }

        // NOTE(review): the helper name suggests a single salted SHA-256 pass; if so,
        // a dedicated password KDF (PBKDF2, Argon2) would resist offline guessing better.
        var candidateHash = CryptographicManager.GenerateSHA256Hash(password, account.Salt);

        // NOTE(review): object.Equals is not a constant-time comparison - confirm that
        // is acceptable for comparing password hashes here.
        bool matches = object.Equals(account.Password, candidateHash);
        return matches;
    }
}
/// <summary>
/// Looks up a user by username, verifies the password and returns the user as a DTO.
/// </summary>
/// <param name="username">Username to look up.</param>
/// <param name="password">Password to verify against the stored hash.</param>
/// <returns>The result of <c>CreateUserDTO</c> for the matching user.</returns>
/// <exception cref="NotFoundException">No user with the given username exists.</exception>
/// <exception cref="BadRequestException">The salted hash of <paramref name="password"/> does not equal the stored hash.</exception>
public UserDto Get(string username, string password)
{
    // Declared outside the using block because the DTO is built after the context is disposed.
    User account;

    using (var db = new DiceGamingDb())
    {
        account = db.Users.FirstOrDefault(u => object.Equals(u.Username, username));

        // NOTE(review): an unknown username and a wrong password raise different exception
        // types; if these reach the client as distinct responses, valid usernames can be
        // told apart from invalid ones - confirm the API layer returns one uniform failure.
        if (account == null)
        {
            throw new NotFoundException();
        }

        // NOTE(review): the helper name suggests a single salted SHA-256 pass; if so,
        // a dedicated password KDF (PBKDF2, Argon2) would resist offline guessing better.
        var candidateHash = CryptographicManager.GenerateSHA256Hash(password, account.Salt);

        // NOTE(review): object.Equals is not a constant-time comparison - confirm that
        // is acceptable for comparing password hashes here.
        bool matches = object.Equals(account.Password, candidateHash);
        if (!matches)
        {
            throw new BadRequestException();
        }
    }

    return CreateUserDTO(account);
}